Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/perl@5.8.4-8sarge6

Type deb

Namespace debian

Name perl

Version 5.8.4-8sarge6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-5q5y-jrh7-wqdy

vulnerability_id VCID-5q5y-jrh7-wqdy

summary Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2381.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2381.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2381

reference_id

reference_type

scores

value	0.27444
scoring_system	epss
scoring_elements	0.96511
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2381

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1309214
reference_id	1309214
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1309214

reference_url	https://security.gentoo.org/glsa/201701-75
reference_id	GLSA-201701-75
reference_type
scores
url	https://security.gentoo.org/glsa/201701-75

reference_url	https://access.redhat.com/errata/RHSA-2026:6206
reference_id	RHSA-2026:6206
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6206

fixed_packages

url pkg:deb/debian/perl@5.14.2-21%2Bdeb7u3

purl pkg:deb/debian/perl@5.14.2-21%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6sya-vave-ckgn

vulnerability	VCID-dx7d-j7be-93e7

vulnerability	VCID-ktn9-tw2d-37ex

vulnerability	VCID-n1jt-6svb-x3e3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.14.2-21%252Bdeb7u3

aliases CVE-2016-2381

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q5y-jrh7-wqdy

url VCID-6sya-vave-ckgn

vulnerability_id VCID-6sya-vave-ckgn

summary Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12837.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12837.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12837

reference_id

reference_type

scores

value	0.0244
scoring_system	epss
scoring_elements	0.85453
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	1.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:P/I:N/A:N

value	4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1492091
reference_id	1492091
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1492091

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875596
reference_id	875596
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875596

reference_url	https://access.redhat.com/errata/RHSA-2026:6206
reference_id	RHSA-2026:6206
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6206

fixed_packages

url pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11

purl pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dx7d-j7be-93e7

vulnerability	VCID-n1jt-6svb-x3e3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.20.2-3%252Bdeb8u11

aliases CVE-2017-12837

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sya-vave-ckgn

url VCID-dx7d-j7be-93e7

vulnerability_id VCID-dx7d-j7be-93e7

summary information disclosure

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12883.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12883.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12883

reference_id

reference_type

scores

value	0.04711
scoring_system	epss
scoring_elements	0.8956
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12883

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:P

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1492093
reference_id	1492093
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1492093

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875597
reference_id	875597
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875597

reference_url

https://security.archlinux.org/AVG-500

reference_id

AVG-500

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-500

reference_url	https://access.redhat.com/errata/RHSA-2026:6206
reference_id	RHSA-2026:6206
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6206

fixed_packages

url pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11

purl pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dx7d-j7be-93e7

vulnerability	VCID-n1jt-6svb-x3e3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.20.2-3%252Bdeb8u11

url pkg:deb/debian/perl@5.24.1-3%2Bdeb9u7

purl pkg:deb/debian/perl@5.24.1-3%2Bdeb9u7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dx7d-j7be-93e7

vulnerability	VCID-n1jt-6svb-x3e3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.24.1-3%252Bdeb9u7

url pkg:deb/debian/perl@5.28.1-6%2Bdeb10u1

purl pkg:deb/debian/perl@5.28.1-6%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n1jt-6svb-x3e3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.28.1-6%252Bdeb10u1

aliases CVE-2017-12883

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx7d-j7be-93e7

url VCID-ktn9-tw2d-37ex

vulnerability_id VCID-ktn9-tw2d-37ex

summary Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6913.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6913.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-6913

reference_id

reference_type

scores

value	0.03896
scoring_system	epss
scoring_elements	0.88483
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-6913

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6913

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1547772
reference_id	1547772
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1547772

reference_url	https://security.gentoo.org/glsa/201909-01
reference_id	GLSA-201909-01
reference_type
scores
url	https://security.gentoo.org/glsa/201909-01

reference_url	https://access.redhat.com/errata/RHSA-2026:6206
reference_id	RHSA-2026:6206
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6206

fixed_packages

url pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11

purl pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dx7d-j7be-93e7

vulnerability	VCID-n1jt-6svb-x3e3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.20.2-3%252Bdeb8u11

aliases CVE-2018-6913

risk_score 1.8

exploitability 0.5

weighted_severity 3.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ktn9-tw2d-37ex

url VCID-n1jt-6svb-x3e3

vulnerability_id VCID-n1jt-6svb-x3e3

summary signature forgery

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16156.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16156.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-16156

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05559
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-16156

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015985
reference_id	1015985
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015985

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2035273
reference_id	2035273
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2035273

reference_url

https://security.archlinux.org/AVG-2630

reference_id

AVG-2630

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2630

reference_url	https://access.redhat.com/errata/RHSA-2025:8432
reference_id	RHSA-2025:8432
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8432

fixed_packages

url pkg:deb/debian/perl@5.36.0-7%2Bdeb12u3

purl pkg:deb/debian/perl@5.36.0-7%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zkfz-2wh8-77cg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.36.0-7%252Bdeb12u3

aliases CVE-2020-16156

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1jt-6svb-x3e3

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.8.4-8sarge6

Package Instance